Chapril/xmpp.chapril.org-ejabberd
25
1
Fork 0
mirror of https://github.com/processone/ejabberd.git synced 2024-11-24 16:23:40 +01:00
Code Releases Activity

Update the Guide about using access_commands in YAML/CFG files

Browse Source
This commit is contained in:
Badlop 2015-01-15 20:00:35 +01:00
parent 2c4647a980
commit 146adce3d6
1 changed files with 39 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
doc/guide.tex
View File

@ -5403,15 +5403,10 @@ The \term{ejabberdctl commands} are:
The \term{ejabberdctl} script can be restricted to require authentication The \term{ejabberdctl} script can be restricted to require authentication
and execute some \term{ejabberd commands}; see \ref{accesscommands}. and execute some \term{ejabberd commands}; see \ref{accesscommands}.
Add the option to the file \term{ejabberd.yml}.
In this example there is no restriction:
\begin{verbatim}
ejabberdctl_access_commands: []
\end{verbatim}
If account \term{robot1@example.org} is registered in \ejabberd{} with password \term{abcdef} If account \term{robot1@example.org} is registered in \ejabberd{} with password \term{abcdef}
(which MD5 is E8B501798950FC58AAD83C8C14978E), (which MD5 is E8B501798950FC58AAD83C8C14978E),
and \term{ejabberd.yml} contains this setting: and your old-format configuration file contains this setting:
\begin{verbatim} \begin{verbatim}
{hosts, ["example.org"]}. {hosts, ["example.org"]}.
{acl, bots, {user, "robot1", "example.org"}}. {acl, bots, {user, "robot1", "example.org"}}.
@ -5599,8 +5594,17 @@ The most interesting ones are:
\makesubsection{accesscommands}{Restrict Execution with AccessCommands} \makesubsection{accesscommands}{Restrict Execution with AccessCommands}
The frontends can be configured to restrict access to certain commands. The frontends can be configured to restrict access to certain commands
using the \term{AccessCommands}.
In that case, authentication information must be provided. In that case, authentication information must be provided.
This option allows quite complex settings, so it does not use the YAML format,
instead it uses the Erlang format.
If you want to set that option,
then you must move the frontend definition to another config file
and include it using the \term{include\_config\_file} option
(see section~\ref{includeconfigfile} and the example below).
In each frontend the \term{AccessCommands} option is defined In each frontend the \term{AccessCommands} option is defined
in a different place. But in all cases the option syntax is the same: in a different place. But in all cases the option syntax is the same:
\begin{verbatim} \begin{verbatim}
@ -5658,6 +5662,34 @@ See another list of restrictions (the corresponding ACL and ACCESS are not shown
] ]
\end{verbatim} \end{verbatim}
In summary, you put the frontends configurations in a CFG file using Erlang format, for example a file called \term{additional.cfg}:
\begin{verbatim}
{ejabberdctl_access_commands, [ {ctlaccess, [registered_users, register], []} ]}.
{listen, [
{4560, ejabberd_xmlrpc, [{maxsessions, 10}, {timeout, 5000},
{access_commands, [
{ctlaccess, [registered_users], [{host, "localhost"}]}
]}
]}
]}.
{modules, [
{mod_rest, [
{allowed_ips, [ {127,0,0,1}, {192,168,1,12} ]},
{allowed_destinations, [ "nolan@localhost", "admin@example.com" ]},
{allowed_stanza_types, [ "message", "presence", "iq" ]},
{access_commands, [
{ctlaccess, [registered_users], [{host, "localhost"}]}
]}
]}
]}.
\end{verbatim}
and then add this line at the end of your main ejabberd configuration file, usually called \term{ejabberd.yml}:
\begin{verbatim}
include_config_file: "/etc/ejabberd/additional.cfg"
\end{verbatim}
\makesection{webadmin}{Web Admin} \makesection{webadmin}{Web Admin}
\ind{web admin} \ind{web admin}